Hi, > last time I saw something like that, it was a bunch of chinese 'bots' > hammering on my public services like ssh. >another admin had turned > pop3 on too, this created a very heavy load yet they didn't show up in > top (bunches of pop3 and ssh processes showed up in ps -auxww, > however, plug netstat -an Unfortunately the server is meant for web/email purposes so I can't turn off pop3/smtp. Naturally ps shows up a lot of httpd/mysql & exim/dovecot processes but a cursory glance doesn't see any suspicious IPs. Similarly, I did a quick look at netstat -an and most of the IP are from local ISP that my clients are using. One thing that occurred to me is, does using iptables to block smtp attempt uses more "system" resources as opposed to letting the bot flood my smtp logs with pointless attempts? :)